Focusing primarily on popular online social networks like Facebook, this article provides an overview of the main social and legal challenges attending the use of facial-recognition technologies on these platforms and explores ways of governing the associated privacy implications, specifically from a European data protection perspective. The authors discuss potential legal, technological, and business model responses to these developments.